Xeno Kovah: The Life Of Binaries Day 1 Part 1


Have you ever wondered what happens when a C program is compiled and executed on a system? This class will investigate the life of a binary from birth as C source code to death as a process running in memory being terminated.

Topics will include but are not limited to:
• Scanning and tokenizing source code.
• Parsing a grammar and outputting assembly code.
• Different targets for x86 assembly object file generation (e.g. relocatable vs. position-independent code).
• Linking object files together to create a well-formed binary.
• Detailed description of the Windows PE binary formats.
• How Windows loads a binary into memory and links it on the fly before executing it.

Along the way we will discuss the relevance of security at different stages of a binary’s life, from how viruses *really* work, to the way in which malware “packers” duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

Lab work will include:
• Manipulating compiler options to change the type of assembly which is output
• Manipulating linker options to change the structure of binary formats
• Reading and understanding PE files with PEView
• Using WinDbg to watch the loader resolve imports in an executable
• Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism
• Creating a simple example virus for PE
• Analyzing the changes made to the binary format when a file is packed with UPX
• Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program’s calls to external libraries, allowing processes to be hidden.

The prerequisites for this class are a basic understanding of C programming and compilation. This class will be recommended for a later class on rootkits, and required for a later class on malware analysis.



This movie is part of the collection: OpenSecurityTraining.info

Producer: Xeno Kovah
Audio/Visual: sound, color
Language: English
Keywords: training; education; multi-day-class; multi-day-training; classes; computer security class; computer; computers; security; computer security; cyber security; host security; binaries; binary format; binary executable format; Windows executable; Windows PE; PE; PE/COFF; Portable Executable format; parsing; lexing; tokenizing; concrete syntax tree; parse tree; abstract syntax tree; abstract assembly tree; context free grammars; compiling; compilation; compiler; linking; linker; Intel; x86; Intel x86; IA32; x86 assembly; DOS Header; File Header; Optional Header; Section Header; imports; IAT; Import Address Table; bound imports; delayed imports; runtime imports; import by name; import by ordinal; relocations; IAT hooking; Import Address Table hooking; exports; EAT; Export Address Table; forwarded exports; relocatable code; TLS; Thread Local Storage; resources; load configuration; signed code; DEP; data execution prevention; ASLR; Address Space Layout Randomization; SEH; Structured Exception Handling; Structured Exception Handlers; computer virus; computer viruses; packers; packing; UPX; reverse engineering; debugging; debugger; WinDbg; OpenSecurityTraining.info
Contact Information: www.OpenSecurityTraining.info

Creative Commons license: Attribution-Share Alike 3.0


Individual Files

Movie Files: PR_LifeOfBinariesDay1Part1.mov
• Animated GIF: 319.7 KB
• QuickTime: 586.8 MB
• h.264: 365.9 MB
• Ogg Video: 147.2 MB
• Thumbnail: 5.8 KB

Information (Format, Size):
• TheLifeOfBinariesDay1Part1_files.xml: Metadata, [file]
• TheLifeOfBinariesDay1Part1_meta.xml: Metadata, 3.9 KB

Other Files (Archive BitTorrent):
• TheLifeOfBinariesDay1Part1_archive.torrent: 23.5 KB

Downloaded 3,809 times